Critical severityNVD Advisory· Published Oct 19, 2018· Updated Sep 16, 2024
CVE-2018-18529
CVE-2018-18529
Description
ThinkPHP 3.2.4 has SQL Injection via the count parameter because the Library/Think/Db/Driver/Mysql.class.php parseKey function mishandles the key variable. NOTE: a backquote character is not required in the attack URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
topthink/frameworkPackagist | <= 3.2.4 | — |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-78q9-24gv-g288ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-18529ghsaADVISORY
- www.kingkk.com/2018/10/Thinkphp-%E8%81%9A%E5%90%88%E6%9F%A5%E8%AF%A2%E6%BC%8F%E6%B4%9E/ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.